How to troubleshoot SSL “bad record MAC” exception

后悔当初 2020-12-29 12:37

I am using an Apache CXF client, running in a Windows Java 1.6.0_29-b11 VM to connect to an IBM mainframe (I believe it is zSeries), and invoking a SOAP Web Service running

2 answers
  • 2020-12-29 13:08

    If you are getting a lot of bad packets due to some fault in your network, it can happen that a bad packet will at random survive the 32-bit TCP checksum. About 1 in 4 billion bad packets will slip by TCP. Once this packet is delivered to SSL it will generate a bad record MAC for sure, because the SSL MAC is 96 bits in size.

    If this is the cause, the only solution is to improve the network.

    Note that, in general, this is a very unlikely cause of a bad record MAC. Even a network with faulty hardware that generates bad packets is unlikely to generate them with correct IP and TCP metadata such that the packets are actually passed to the socket corresponding to the TLS connection.

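The scenario in the answer above, as an added example that is not part of either answer: a corrupted segment is either caught by the TCP checksum and retransmitted, or slips past it and fails the TLS record MAC, which ends the connection with alert 20. The model is simplified and its names are hypothetical: the checksum covers only the record bytes (real TCP also covers the TCP header and pseudo-header), the record is not encrypted, and the key and payload are constructed samples.

```python
import hashlib
import hmac
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement sum, the algorithm TCP uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def record_mac(key: bytes, seq: int, fragment: bytes) -> bytes:
    """HMAC-SHA1 over seq_num, type, version, length and fragment (TLS 1.0 layout)."""
    header = struct.pack("!QBHH", seq, 23, 0x0301, len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha1).digest()

def receive(key: bytes, seq: int, fragment: bytes, mac: bytes, checksum: int) -> str:
    """Model the two integrity checks a delivered segment passes through."""
    if internet_checksum(fragment + mac) != checksum:
        return "dropped by TCP"  # retransmitted; TLS never sees it
    if not hmac.compare_digest(record_mac(key, seq, fragment), mac):
        return "alert 20 bad_record_mac (fatal)"
    return "accepted"

def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Constructed corruption: exchange two aligned 16-bit words."""
    b = bytearray(data)
    b[2 * i:2 * i + 2], b[2 * j:2 * j + 2] = b[2 * j:2 * j + 2], b[2 * i:2 * i + 2]
    return bytes(b)

def demo() -> dict:
    key = b"constructed-mac-key!"  # constructed sample key
    fragment = b"<soap:Body>constructed sample payload</soap:Body>"
    mac = record_mac(key, 0, fragment)
    checksum = internet_checksum(fragment + mac)
    bit_flip = bytes([fragment[0] ^ 0x01]) + fragment[1:]
    return {
        "intact": receive(key, 0, fragment, mac, checksum),
        "bit flip": receive(key, 0, bit_flip, mac, checksum),
        "word swap": receive(key, 0, swap_words(fragment, 0, 1), mac, checksum),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The word swap leaves the ones' complement sum unchanged because addition is commutative, so only the MAC notices the damage.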
  • 2020-12-29 13:11

    This isn't related to Java, it is an SSL/TLS failure:

    20  Bad record MAC  fatal   Possibly a bad SSL implementation, or payload
                                has been tampered with e.g. FTP firewall rule
                                on FTPS server.
    

    It probably has something to do with the SSL implementation and the amount of data that is being sent being too big; I doubt it is random.
